Apache HTTPD: HTTP/2 CONTINUATION denial of service (CVE-2016-8740)
|5||(AV:N/AC:L/Au:N/C:N/I:N/A:P)||December 04, 2016||December 04, 2016||January 07, 2018|
The HTTP/2 protocol implementation (mod_http2) handled the LimitRequestFields directive incompletely. This allowed an attacker to inject unlimited request headers into the server, leading to eventual memory exhaustion.
- SUSE: CVE-2016-8740: SUSE Linux Security Advisory
- HP-UX: CVE-2016-8740: HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities
- Gentoo Linux: CVE-2016-8740: Apache: Multiple vulnerabilities
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7
- Alpine Linux: CVE-2016-8740: apache2 Multiple vulnerabilities
- OS X update for apache (CVE-2016-8740)
- FreeBSD: (Multiple Advisories) (CVE-2016-8740): Apache httpd -- several vulnerabilities
- Oracle Solaris 11: CVE-2016-8740: Vulnerability in Apache HTTP server
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6